Tuesday 31 March 2015

Become A Hacker: What Is Denial of Service (DoS) Attack?


Denial of Service (DoS) Attack- picateshackz.com

If you are working in the field of computer networks or an enthusiast in the field of network security, you are sure to have come across the term “Denial of Service attack” which is simply referred to as “DoS attack”. Today, this is one of the most common types of network attacks carried out on the Internet. In this post, I will try to explain DoS attack, its variants and methods involved to carry out the same in an easily understandable manner.

What is a DOS Attack?

Denial of Service or DoS attack is a type of network attack designed to flood the target network or machine with a large amount of useless traffic so as to overload it and eventually bring it down to its knees. The main intention behind DoS attack is to make the services running on the target machine (such as a website) temporarily unavailable to its intended users. DoS attacks are usually carried out on web servers that host vital services such as banking, e-commerce or credit card processing.
A common variant of DOS attack known as DDoS (Distributed Denial of Service) attack has become quite popular in the recent days as it is more powerful and hard to detect. A typical DoS attack has a single place of origin while a DDoS attack originates from multiple IP addresses distributed across two or more different network. The working of a DDoS attack is shown in the following diagram:

Unlike a DoS attack where the attacker uses one single computer or a network to attack the target, a DDoS the attack originates from different pre-compromised computers belonging to different networks. As the attacker uses a number of computer systems from different networks each residing in different geographical locations, the incoming traffic looks natural and therefore becomes hard to detect.

Protection Against DoS/DDoS Attacks:

DoS attacks can easily be handled by blacklisting the target IP (or range of IPs) that are found to be making too many requests/connections (in an unnatural way) to the server. However, DDoS attacks are complicated as the incoming requests seem more natural and distributed. In this case it is hard to find the difference between the genuine and malicious traffic. Taking an action at the firewall level to blacklist suspected IPs may result in false positives and therefore may affect the genuine traffic as well.

How to defend against a sync flood attack:

What are some ways to protect against sync flood attacks?
A Sync flood attack, better known as a SYN attack, has its origins as one of the original types of distributed denial-of-service (DDoS) attacks and have not been significant threats to enterprises today. Most CERT advice from 1996 still applies to modern systems, but obviously many improvements have been made in the last 15 years.

A SYN attack is one where an attacker makes an initial connection to a victim computer and the victim computer waits for the completion of the connection. The attack is exploiting part of the three-way handshake in TCP for establishing reliable connections. When the initial connection is left open, it consumes resources on the victim computer until it runs out of connections or has other issues.

To protect against sync flood attacks, you have several options. The attacks can be detected by standard intrusion detection systems (IDS) and could also be blocked or minimized by built-in features in firewalls and other devices. Further protections could include lowering timeouts for how long a system waits for another system to complete the three-way handshake or having your ISP block the attacks.




Methods Involved in DoS Attack

The following are some of the commonly employed methods in carrying out a DoS attack:
  • SYN Flood Attack
  • Ping Flood Attack (Ping of Death)
  • Teardrop Attack
  • Peer-to-Peer Attacks

1. SYN Flood Attack




SYN flooding is an attack vector for conducting a denial-of-service (DoS) attack on a computer server.


The attack involves having a client repeatedly send SYN (synchronization) packets to every port on a server, using fake IP addresses. When an attack begins, the server sees the equivalent of multiple attempts to establish communications. The server responds to each attempt with a SYN/ACK (synchronization acknowledged) packet from each open port, and with a RST (reset) packet from each closed port.


In a normal three-way handshake, the client would return an ACK (acknowledged) packet to confirm that the server's SYN/ACK packet was received, and communications would then commence. However, in a SYN flood, the ACK packet is never sent back by the hostile client. Instead, the client program sends repeated SYN requests to all the server's ports. A hostile client always knows a port is open when the server responds with a SYN/ACK packet.

The hostile client makes the SYN requests all appear valid, but because the IP addresses are fake ones, it is impossible for the server to close down the connection by sending RST packets back to the client. Instead, the connection stays open. Before time-out can occur, another SYN packet arrives from the hostile client. A connection of this type is called a half-open connection. Under these conditions, the server becomes completely or almost completely busy with the hostile client and communications with legitimate clients is difficult or impossible. For this reason, SYN floods are also known as half-open attacks.

The transmission by a hostile client of SYN packets for the purpose of finding open ports and hacking into one or more of them, is called SYN scanning.


2. Ping Flood Attack (Ping of Death)




Ping of Death (a.k.a. PoD) is a type of Denial of Service (DoS) attack in which an attacker attempts to crash, destabilize, or freeze the targeted computer or service by sending malformed or oversized packets using a simple ping command.
While PoD attacks exploit legacy weaknesses which may have been patched in target systems. However, in an unpatched systems, the attack is still relevant and dangerous. Recently, a new type of PoD attack has become popular. This attack, commonly known as a Ping flood, the targeted system is hit with ICMP packets sent rapidly via ping without waiting for replies.
Attack Description
The size of a correctly-formed IPv4 packet including the IP header is 65,535 bytes, including a total payload size of 84 bytes. Many historical computer systems simply could not handle larger packets, and would crash if they received one. This bug was easily exploited in early TCP/IP implementations in a wide range of operating systems including Windows, Mac, Unix, Linux, as well as network devices like printers and routers.
Since sending a ping packet larger than 65,535 bytes violates the Internet Protocol, attackers would generally send malformed packets in fragments. When the target system attempts to reassemble the fragments and ends up with an oversized packet, memory overflow could occur and lead to various system problems including crash.
Ping of Death attacks were particularly effective because the attacker’s identity could be easily spoofed. Moreover, a Ping of Death attacker would need no detailed knowledge of the machine he/she was attacking, except for its IP address.
It is worthy of note that this vulnerability, though best recognized for its exploitation by PoD attacks, can actually be exploited by anything that sends an IP datagram - ICMP echo, TCP, UDP and IPX.
Methods of Mitigation
To avoid Ping of Deatch attacks, and its variants, many sites block ICMP ping messages altogether at their firewalls. However, this approach is not viable in the long term.

Firstly, invalid packet attacks can be directed at any listening port—like FTP ports—and you may not want to block all of these, for operational reasons.

Moreover, by blocking ping messages, you prevent legitimate ping use – and there are still utilities that rely on ping for checking that connections are live, for example.Incapsula mitigates a massive HTTP flood: 690,000,000 DDoS requests from 180,000 botnets IPs.



The smarter approach would be to selectively block fragmented pings, allowing actual ping traffic to pass through unhindered.

Incapsula DDoS Protection services intelligently and preemptively identify and filter out all abnormally large packets, even if they are fragmented—eliminating the threat of PoD and similar packet-based attacks altogether.

3. Teardrop Attack


A teardrop attack is a denial-of-service (DoS) attack that involves sending fragmented packets to a target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device. This generally happens on older operating systems such as Windows 3.1x, Windows 95, Windows NT and versions of the Linux kernel prior to 2.1.63.

One of the fields in an IP header is the “fragment offset” field, indicating the starting position, or offset, of the data contained in a fragmented packet relative to the data in the original packet. If the sum of the offset and size of one fragmented packet differs from that of the next fragmented packet, the packets overlap. When this happens, a server vulnerable to teardrop attacks is unable to reassemble the packets - resulting in a denial-of-service condition.


Definition - What does Teardrop Attack mean?

A teardrop attack is a denial of service (DoS) attack conducted by targeting TCP/IP fragmentation reassembly codes. This attack causes fragmented packets to overlap one another on the host receipt; the host attempts to reconstruct them during the process but fails. Gigantic payloads are sent to the machine that is being targeted, causing system crashes.

Techopedia explains Teardrop Attack
While much more popular on older versions of Windows, the teardrop attack is also possible on Windows 7 and Windows Vista machines that have SMB enabled. The driver vulnerability on the latter two operating systems was noted in 2009, but Windows 2000 and Windows XP are not vulnerable to this type of teardrop attack, which hones in on TCP ports 139 and 445 on the firewalls of the SMB-enabled machines. If users don’t have patches to protect against this DoS attack, SMBv2 should be disabled, as recommended by Microsoft, and ports 139 and 445 should be blocked.


4. Peer-to-Peer Attacks


The evolution of computing continues to lead to greater decentralization. Mainframes gave way to local area networks (LANS), which provided greater economies of scale. The Internet has allowed for even greater distribution capability; peer to peer computing has grown as a result. Examples of peer to peer networks include the popular Kazaa and Napster file sharing services. These types of networks allow for significant transfers of data, yet they are vulnerable to attack from multiple sources.

Definition

Peer relationship exploitation can be defined in several ways. First, it can be the exploitation of transitive trust relationships created by peer-networking so as to expand privileges to the transitive closure of peer trust. It can also be defined in less technical terms. Exploitation can be when an insider uses the security access of colleagues to gain access to unauthorized information.  This can include physical access or information access. This essay will focus on the first type of attack.



Posted by at No comments:
Labels: , ,

Thursday 26 March 2015

Kali Linux Tutorial: Find Vulnerabilities for Any Website Using Nikto

Find Vulnerabilities for Any Website Using Nikto- picateshackz.com

In this tutorial i'm going to explain how to Find Vulnerabilities for Any Website Using Nikto
tool in Kali linux, Before attacking any website, it's critical to do good reconnaissance. A few minutes of recon can save you hours on a hack. Simply trying various attacks without first finding which attacks the site is vulnerable is pure foolishness.

Nikto tool is freely available in hacker's Os Kali linux,

Let's start with Kali Linux,


Kali Linux


First off, you need to have Kali linux (or backtrack) up and running on your machine. Any other Linux distro might work, but you'll need to install Nikto on your own.

 Now if you don't have Kali Linux installed, you might want to go to this page: An Introduction to Hacker's OS Kali Linux and Installation Tutorial


Nikto


There are a number of tools and applications to find vulnerabilities in websites, but one of the simplest (and one of my favorites) is nikto.

This small and simple tool examines a website and reports back to you the potential vulnerabilities that it found that you could use to exploit or hack the site. In addition, it's one of the most widely used website vulnerabilities tools in the industry and in many circles considered the industry standard.

Although this tool is extremely useful and effective, it is NOT stealthy. Any website with an IDS or other security measures in place will detect that you are scanning it. Originally designed for security testing, it was never meant to be stealthy.

Step 1: Fire Up Kali & Open Nikto


Let's fire up Kali and get started with nikto. Once we have Kali up and running, go to Kali Linux -> Vulnerability Analysis -> Misc Scanners ->nikto, like in the screenshot below.


Although there are many options in using nikto, we will limit ourselves here to the basic syntax, such as this:

nikto -h <IP or hostname>


Step 2: Scan the Web Server


Let's start with a safe web server on our own network. In this case, I have started the http service on another machine on my network. There is not a website hosted by this machine, just the web server. Let's scan it for vulnerabilities by typing:


nikto -h 192.168.1.104
Nikto responds with a lot of information, as you can see below.



First, it tells us the server is Apache 2.2.14, probably on Ubuntu. It nailed this info and gives up more information on other potential vulnerabilities on this web server.

Note near the bottom that it identifies some vulnerabilities with the OSVDB prefix. 

This is the Open Source Vulnerability Database. This is a database maintained of known vulnerabilities at www.osvdb.org, in addition to other databases I covered, such as SecurityFocus and Microsoft's Technet.



3: Scan the Site


Let's see what nikto can tell us about this site.

nikto -h webscantest.com



Once again, it identifies the server (Apache) and then proceeds to identify numerous potential vulnerabilities pre-fixed with OSVDB. 

We can take a look at that website at www.osvdb.org to learn more about these vulnerabilities.



Now, let's use this site to find information on one of the vulnerabilities identified by nikto as  OSVDB-877. We can put that reference number into the search function and it retrieves the following page.



Note, in lower half of this page there are cross-references to the various information sources about this vulnerability, as well as references to tools and filters such as Nikto, Nessus, and Snort.





Scan Facebook


Finally, lets point nikto at www.facebook.com.

nikto -h facebook.com



As you can see, Facebook is tightly secured with few vulnerabilities. As you can imagine, if Facebook weren't secure, every script-kiddie on the planet would be hacking it to see who his true love is chatting with online.


Read my previous article to hack a website: How to Hack Website Using Sql Map in Kali Linux - Sql Injection

Posted by at No comments:
Labels: , , , ,

Monday 23 March 2015

Programming Languages For Hackers And Learn It From Most 6 Helpful Websites

Programming Languages For Hackers- picateshackz.com
A hacker should know 2 more programming languages so in this post i am explaining about which programming language a hacker should learn for hacking and top 6 most helpful websites to learn programming languages easily.
having the prior knowledge of programming is something which will separate you from all the other script kiddes( Wanna be hackers) and other tool lovers out there, Lots of times during penetration tests you come across a point where you need to write or build your own custom scripts and programs this is where the knowledge of programming comes handy.

The other and by the far the most important advantage of programming is that you will be able to understand exploit codes and even learn to write them too, Though there are softwares which have made the process of exploit writing much simpler, but you still need to have a solid grasp of programming languages in order to know how the exploits work.

Now that you have understood the importance of learning programming languages, You might be asking yourself “where to began”, “Which programming language” should I began learning with, Don’t worry, I have seen these types of questions asked a lot in various hacking communities and forums, The answer to these questions is that it depends on your interest.

i suggest you to read my preview article How To Become A Hacker - Complete Guide For Beginners.


Web Hackin

Now if you are interested in webhacking subject, subject then I would recommend you to learn the following languages:

1. HTML – Start with Html if you don’t know it


2. Javascript – Next learn javascript, which will help you understanding the fundamentals of cross site scripting which will be explained later in this book.

3. SQL Databases – You should learn to work with databases, which will help you to understand the fundamentals of SQL Injection attacks which will be also explained later in this book when we come to the Web Application hacking chapter.

4. PHP – Learning PHP should be your one of your first priorities if you want to understand the mechanisms behind the web hacking attacks. I would recommend you to learn it as soon as possible.
Recommended Sources: 

5. W3schools – W3schools has wide variety of e-learning courses including languages like PHP, HTML, Javascripts etc, If you have zero knowledge of programming languages try starting with HTML and javascript.


Exploit Writing 

Exploit writing is a very difficult segment in hacking as it requires pure programming knowledge, which is why I will not recommend you to start with exploit writing, Exploits are/can be coded in almost any programming language e.g C/C++, Python, Perl etc, but more than 50% of the exploits you will find on the web will be coded in C/C++ languages because they were present before any one of other languages. Languages such as C and C++ are considered as programming languages where as languages such as ruby, perl and python are considered more as scripting languages.

I would recommend you to start with C languages and then to C++, C/C++ have lots of similarities, so if you could get a good grasp on any one of them you can learn the other one easily.

Ruby

Talking about scripting languages, I would recommend you to start with Ruby, Ruby is one of my most favorite programming language as it’s purely objected oriented which means that everything you work on is an object. Ruby is really useful when it comes to exploit writing, Ruby is used for coding meterpreter scripts and what could be more better that the Metasploit framework itself was coded in ruby language.

Python

Python is also a very useful programming language, it can also be used for exploit writing, If you go for python first then make sure that you learn Python socket programming as it will help you a lot in the exploit creation process.

PERL

Talking about PERL, it’s also used widely for exploit writing, you will find lots of exploits out there written in PERL, but the problem is that perl is really difficult compared to other languages such as ruby and python, so I would recommend you to learn it at the very end.



Reverse Engineering

Reverse engineering is an act of tampering softwares, applications to make them work out way, If you are interested in reverse engineering and software cracking stuffs then you would surely need to learn Assembly language.


If you are serious about learning to code in assembly then I would recommend you to read jeff Duterman’s “Assembly Language Step-by-step” book.
undefined

This concludes our chapter “Hacking And Programming”, One thing I would like to point out that learning 10 different programming languages is not a big deal but mastering a one is surely very difficult, Consider picking up a programming language to learn and make sure that you keep practicing it.


Most 6 Helpful Websites To Learn Computer 

Programming Languages


Ever wanted to learn computer programming languages, but didn't know where to start? Well, those days are over. Today learning programming languages is not really a hard job. If you are a beginner and have aptitude to learn computer programming then you can accomplish this goal within a few months. Here are the top 6 websites, which are useful for learning programming.


1. W3schools.com

If you are a beginner or intermediate programmer, then w3schools is an excellent website for learning programming. W3schools offer tutorials for a variety of web programming and scripting languages such as html, html5, css, asp, Ajax, JavaScript, php, jQuery etc. So, if you are into web development then w3schools would be a great learning resource.
Learn Computer Programming

2. Codeavengers.com:

If you want learn coding for making games, apps or websites using html/html5, css3, JavaScript python, but want an entertaining teaching resource. Then codeavengers.com is ideal choice for you. Codeavengers.com was designed by keeping difficulty for beginners in mind. It provides a fun and interactive learning environment that is effective for all age groups. Even if you are an intermediate programmer, you might find some great learning stuff there.
Learn Computer Programming

3. Codecademy.com

Codeacademy is another great website, for learning languages like JavaScript, HTML/CSS, PHP, Python, and Ruby. You can even learn how to use some popular web APIs in your website or app.  Codeacademy has a great modern learning system, which is based on user interaction. It has full-fledged programming courses for beginners. Again, this website is great for beginners and intermediate learners. But advanced programmers can also find some pretty useful stuff there.
Learn Computer Programming

4. tutorialspoint.com

Tutorialspoint has tutorials for a lot of web, high level and scripting languages that are commonly used today. You can find tutorials for any computer language that you have ever heard of (those that are currently in used). Apart from that, it also features a variety of tutorials for other fields such as DIP, OS, SEO, Telecom, DBMS, and frameworks etc.  Some commonly used languages that you can learn there are: Java, C++, PHP, Python, Ruby, C#, Perl, VB.Net, ios.
Learn Computer Programming

5. msdn.microsoft.com

Although, beginner programmers might find MSDN (Microsoft Developer Network) a tough learning resource, it is still the best resource you can get, if you want to master Microsoft oriented languages such as VB.Net, C# etc. MSDN has great tutorials for beginners, intermediate and advance programmers.
Learn Computer Programming

But as I stated earlier, beginners might not be initially comfortable with MDSN, as I has really a lot of resources that it would be a hard time for beginners to find what they are looking for. But if you get used to MSDN, then it is the ideal learning point for Microsoft oriented languages. You can get a lot of sample applications, tutorials and resources that are uploaded by Microsoft and MSDN community. Since it’s a developer’s network, you can even find development help from community members.

6. Lynda.com

You might already know about Lynda.com. Lynda offers easy to follow video tutorials. Lynda.com is an old and well established tutoring site, if you are looking for video tutorials to learn computer languages, then Lynda is your ideal choice. Apart from programming languages, Lynda also offers tutorials for a variety of other fields such as 3D modeling, CAD, Photography etc. Lynda.com is an old and well established tutoring site.
Learn Computer Programming

So the next time someone asks you about your computer skills, you know where to turn. I hope you will learn a lot from this article. :)

Posted by at No comments:
Labels: ,

Saturday 21 March 2015

How To Become A Hacker - Basic Guide For Beginners

Become A Hacker - Basic Guide- picateshackz.com

Hello newbie hackers,  I should say that “How to become a hacker” is a million dollar question so in this article i am explaining about the topic How To Become A Hacker. it is a complete tutorial for beginners who want to become a hacker.

There was a time in 90's when movies were creating and showing hacker culture, their personalities and lifestyle; some of these movies have shown hackers as a hero and some made them villain. At the end, movies have created a mindset of our generation to become a hacker in order to achieve their objectives, whether they are good or bad.

When someone ask this question, I used to float a counter question; “Why do you want to become a hacker ? Why not IT security professional or penetration tester ?” And believe me most of the time people say that it sounds good to be a hacker. My simple is point is that:

“Media has created this mentality to be a hacker instead of professional penetration tester”

Neither I will define the word hacker here, nor I will differentiate between penetration tester and hacker but in this series of “to be a hacker” I will show a pathway to become an IT security professional. 


If you cannot handle the difficulties and challenges then leave this field at your earliest, IT security is a dynamic field which requires education, certification, human skills and impatient while learning something. So you should be waiting to handle loads of challenges coming your way to become a hacker Penetration tester.


Education & Skill Set


Any degree related to computer sciences is highly recommended because while studying computer science you get to know about the programming, scripting, networking (wired & wireless), web,database, cryptography and many other things that will help you throughout your IT security career. Apart from computer sciences, engineering degrees like Telecommunication and electronic degree are also a good option; these degrees enhance your networking and hardware skills, and you may learn the software side while working :)

If you don't have any degree, then come on you need not to worry about it; in history many outstanding professionals did not complete their degree. A little difference is that you need to learn those skills by yourself, believe me you can learn everything free online that a university could teach you.

The Bottom line is that, you need a particular skill set; it does not matter from where you acquired those skills.


Follow the Master, Become the Master


You have got the suitable education now what; have you become the hacker ? No! As I said challenges, it starts from here. To become the master, you need to follow the master; you need a mentor who can show you the path, direction and who share his/her experiences and the one who make you what you wanted yourself to be made.

Be wise while selecting the mentor, it defines your future. Here master can be anyone, it could be a human being, a blog or website and group or place of discussion; you may have as many mentors as you want. Be focused, plan your action to achieve the objectives (but first you need to define your objectives).


Required Intangible Skills to become a hacker



 
You might be thinking that hacking process has nothing to do with philosophy & psychology but believe me it has; apart from the technical skills,the success of any hacking attack is also 
depends on the psyche of the attacker. 

Become A Hacker - Basic Guide- picateshackz.com

Become A Hacker - Basic Guide- picateshackz.com


Intangible Skills


“Focus” is the key to get success in every aspect of life, be focused on what you want to achieve. Let's consider an example, you want to find avulnerability in Facebook; you tried your level best, you were trying to achieve the objective but you failed. The word failure shows your weakness, so please hide it or destroy it; you can't fail until you keep trying.

“You only fail when you accept your defeat” The foremost skill to become a penetration tester is never ever give-up and be focused in achieving your objective. If you will be able to develop this skill then take my word, “nobody can stop you to become a hacker/IT security expert”. Let's get back to the example; finding a vulnerability in Facebook takes time, patience, persistence, attention and believe me it is possible. Keep try until and unless you will get success, the same suggestion for this guide too; don't show impatience, read and implement. Are you developing the skills discussed in the first episode ? Have the mentor been selected yet ? Are you trying to become (focus) a hacker ? We have discussed many important points so far that could lead you to get the success, if you can understand these points.

Attitude, Values, Culture


Winning, success and achieving the objective are all the attitude of a hacker mindset; the value is to care and learn. Learning is very essential, you need to learn new skills, latest technology and everything, make reading your habit.

Limited resources and unlimited wants; in hacking culture you have to believe that everything is possible, you yes you, the master of your own. Increase your capacity of learning, develop problem solving skills; start with basic mathematics, move to algorithm, functions and so on. Remember resources are limited but your wants are unlimited you need to fulfill your wants either by limiting your needs (not recommending) or increasing your capacity (highly recommended).

Don't ever indulge yourself in the repetitive tasks which you will soon find boring, your attitude should show that you are creative; because you have the creativity to understand the working and process of everything and yes you can make amendment to enhance or destruct the system (this is your attitude).


Freedom & Competency

You need freedom, you want freedom and you love freedom; act this and demonstrate this. You are competent and you need to prove it; select your benchmark, work and achieve higher than this, judge and rate yourself. Make yourself prepared for the real competition, you should not afraid of competition; you are creative, you are competent (this is your value, and you have to prove). Develop and sharpen your core competency, your core competency is the one you do best and nobody can beat you. Make this world to believe in you by showing your competency, and you will become the mentor of many.


Required Technical Skills to be a Hacker


Become A Hacker - Basic Guide- picateshackz.com

Now i want you to read my latest article before you go for further discussion: Become A Hacker: Types Of Cyber Attacks And Must Know Facts

Hacking without any technical skill and knowledge is a dream that can't come true, but what kind of technical knowledge is required to become a hacker is the real question. The intangible skills alone can't give you success in the field of information security, you need to have the in depth understanding of how technology is actually working; you need to understand the systems and processes, from electrical pulses to radio frequency, from bits to bytes and from Windows OS to Linux OS. There are many computer languages are required your attention but to follow the right direction is the real deal that will lead you to your destination.

Computer Networking


There are so many things to discuss under the single heading of computer networking, but as you can't be an expert on everything so the recommendation is to know everything a little, at least.

You should understand the OSI layer model and it protocols (HTTP, FTP, IP, TCP, BGP, NAT, DHCP etc etc) – protocols depend on the layer of the OSI model. Learn the art of routing, how router and switches work, understands the wireless protocols for WiFI hacking (oh come on, learn something with the intention of learning).

There are many books are available on the aforementioned topics but it is always recommended to get a mentor who guide you throughout your journey. You have done or if you are doing any degree in computer science (or related field) then you are most likely to learn all these topics, however if you want self study then start your study now because each topic may cover an entire book.



Operating System Skills


To understand the operating system is very crucial to be succeed in infosec world. Understanding the OS does not mean to install/configure and use the OS efficiently; it means to understand the concept, the flow and the architecture of an operating system. You should not limit yourself to any specific OS, learn as much possible as you can including mobile OS (Android, iOS etc.).

Programming & Scripting Languages 


There is a saying that, “Programming is not necessarily required to become a hacker/infosec professional”. Let's break it and try to understand this saying, it is true that most of the successful penetration testers don’t write code but it does not mean that they can't write or they don't understand the coding. So understanding is the KEY, you should understand the tool you are using for your test and don't forget the importance of manualpenetration testing and code review.

Learn the programming languages for example: C, C++, Java etc. The scripting languages are also important, including but not limited to: Perl, Ruby, bash etc.

Becoming a Hacker - What, How and Why?



To be a hacker penetration tester is not a single day process at all, it requires time, effort and skills. The discussed intangible skills (attitude, culture, values, freedom etc) have gathered immense interest of infosec professionals, and I have been asked to write on requiring technical skills, I will share the story soon but the agenda of this story is to share an infographic created by schools.com


What type of hacker do you want to be? What does hacker do? Hacking as a career. How much money could a hacker earn (hacker salary)? The answers of the asked questions are discussed on the info-graphics(see the two pictures).



I am strongly recommend you to read my latest article to know more about hacking: Beginners Guide: What is Hacking and How to Become a Social Engineer


What to do next?


Incorporate the aforementioned skills in your daily life, if you just read and forget then you will achieve nothing; as discussed be focused, learn and implement.

At the end of this article,we can conclude that learning is the key and learning is the most important aspect to survive in the field of information security, keep in mind that technology is changing everyday and you need to change your mind at the same speed else you will be kept behind. Learn the existing, previous and upcoming technology infrastructure and languages; as you are more likely to break the code you understand fully.
  • Here is very helpful guides and tutorials, you should most probably go in this order:
  1. Understand The Hacker Mindset To Become A Real Hacker
  2. Programming Languages For Hackers And Learn It From Most 6 Helpful Websites
  3. Installing Hacker's OS Kali Linux In VMware (Beginners Guide With Screenshots)
  4. Easy Steps to Create Web Penetration Testing Lab in Kali Linux
  5. Introduction to using Metasploit in Kali Linux
  6. An Introduction To Hacker’s OS: Kali Linux And Setup Tutorial.
  7. Linux Powerful Distros For Hacking Or Security: Kali, Tails And Qubes
  8. Become A Hacker: What Is Denial of Service (DoS) Attack? 
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)